Bypass obfuscation for safe sources
This commit is contained in:
parent
38b712ac9a
commit
ba3124bd69
|
@ -351,6 +351,7 @@ def query_results(
|
|||
return {"message": message, "class": message_class}
|
||||
else:
|
||||
size = 20
|
||||
source = None
|
||||
if "source" in query_params:
|
||||
source = query_params["source"]
|
||||
if source not in settings.OPENSEARCH_MAIN_SOURCES:
|
||||
|
@ -378,20 +379,26 @@ def query_results(
|
|||
|
||||
if date_query:
|
||||
if settings.DELAY_RESULTS:
|
||||
if source not in settings.SAFE_SOURCES:
|
||||
if request.user.has_perm("core.bypass_delay"):
|
||||
add_top.append(range_query)
|
||||
else:
|
||||
delay_as_ts = datetime.now() - timedelta(days=settings.DELAY_DURATION)
|
||||
delay_as_ts = datetime.now() - timedelta(
|
||||
days=settings.DELAY_DURATION
|
||||
)
|
||||
lt_as_ts = datetime.strptime(
|
||||
range_query["range"]["ts"]["lt"], "%Y-%m-%dT%H:%MZ"
|
||||
)
|
||||
if lt_as_ts > delay_as_ts:
|
||||
range_query["range"]["ts"]["lt"] = f"now-{settings.DELAY_DURATION}d"
|
||||
range_query["range"]["ts"][
|
||||
"lt"
|
||||
] = f"now-{settings.DELAY_DURATION}d"
|
||||
add_top.append(range_query)
|
||||
else:
|
||||
add_top.append(range_query)
|
||||
else:
|
||||
if settings.DELAY_RESULTS:
|
||||
if source not in settings.SAFE_SOURCES:
|
||||
if not request.user.has_perm("core.bypass_delay"):
|
||||
range_query = {
|
||||
"range": {
|
||||
|
@ -571,6 +578,7 @@ def query_results(
|
|||
dedup_fields = ["msg", "nick", "ident", "host", "net", "channel"]
|
||||
results_parsed = dedup_list(results_parsed, dedup_fields)
|
||||
|
||||
if source not in settings.SAFE_SOURCES:
|
||||
if settings.ENCRYPTION:
|
||||
encrypt_list(request.user, results_parsed, settings.ENCRYPTION_KEY)
|
||||
|
||||
|
@ -596,9 +604,11 @@ def query_results(
|
|||
if query:
|
||||
context["query"] = query
|
||||
if settings.DELAY_RESULTS:
|
||||
if source not in settings.SAFE_SOURCES:
|
||||
if not request.user.has_perm("core.bypass_delay"):
|
||||
context["delay"] = settings.DELAY_DURATION
|
||||
if settings.RANDOMISATION:
|
||||
if source not in settings.SAFE_SOURCES:
|
||||
if not request.user.has_perm("core.bypass_randomisation"):
|
||||
context["randomised"] = True
|
||||
return context
|
||||
|
|
|
@ -72,7 +72,7 @@
|
|||
<div class="is-active" data-content="1">
|
||||
<h4 class="subtitle is-4">Scrollback of {{ channel }} on {{ net }}{{ num }}</h4>
|
||||
{% include 'modals/context_table.html' %}
|
||||
{% if user.is_superuser and src == 'irc' %}
|
||||
{% if user.is_superuser and source == 'irc' %}
|
||||
<form method="PUT">
|
||||
<article class="field has-addons">
|
||||
<article class="control is-expanded has-icons-left">
|
||||
|
|
|
@ -102,7 +102,7 @@
|
|||
<i class="fa-solid fa-circle"></i>
|
||||
</span>
|
||||
{% endif %}
|
||||
{% if item.src == 'irc' %}
|
||||
{% if item.source == 'irc' %}
|
||||
<a
|
||||
hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
|
||||
hx-post="{% url 'modal_drilldown' %}"
|
||||
|
@ -156,7 +156,7 @@
|
|||
hx-post="{% url 'modal_context_table' %}"
|
||||
hx-vals='{"net": "{{ net }}",
|
||||
"num": "{{ num }}",
|
||||
"src": "{{ src }}",
|
||||
"source": "{{ source }}",
|
||||
"channel": "{{ channel }}",
|
||||
"time": "{{ time }}",
|
||||
"date": "{{ date }}",
|
||||
|
|
|
@ -245,7 +245,7 @@
|
|||
hx-post="{% url 'modal_context' %}"
|
||||
hx-vals='{"net": "{{ row.cells.net|escapejs }}",
|
||||
"num": "{{ row.cells.num|escapejs }}",
|
||||
"src": "{{ row.cells.src|escapejs }}",
|
||||
"source": "{{ row.cells.src|escapejs }}",
|
||||
"channel": "{{ row.cells.channel|escapejs }}",
|
||||
"time": "{{ row.cells.time|escapejs }}",
|
||||
"date": "{{ row.cells.date|escapejs }}",
|
||||
|
@ -256,7 +256,7 @@
|
|||
"dedup": "{{ params.dedup }}"}'
|
||||
hx-target="#modals-here"
|
||||
hx-trigger="click"
|
||||
href="/?modal=context&net={{row.cells.net|escapejs}}&num={{row.cells.num|escapejs}}&src={{row.cells.src|escapejs}}&channel={{row.cells.channel|urlsafe}}&time={{row.cells.time|escapejs}}&date={{row.cells.date|escapejs}}&index={{params.index}}&type={{row.cells.type}}&mtype={{row.cells.mtype}}&nick={{row.cells.mtype|escapejs}}">
|
||||
href="/?modal=context&net={{row.cells.net|escapejs}}&num={{row.cells.num|escapejs}}&source={{row.cells.src|escapejs}}&channel={{row.cells.channel|urlsafe}}&time={{row.cells.time|escapejs}}&date={{row.cells.date|escapejs}}&index={{params.index}}&type={{row.cells.type}}&mtype={{row.cells.mtype}}&nick={{row.cells.mtype|escapejs}}">
|
||||
{{ row.cells.msg }}
|
||||
</a>
|
||||
</td>
|
||||
|
|
|
@ -216,10 +216,12 @@ def hash_lookup(user, data_dict, supplementary_data=None):
|
|||
hash_list = SortedSet()
|
||||
denied = []
|
||||
for key, value in list(data_dict.items()):
|
||||
print("DATA DICT", data_dict)
|
||||
if "source" in data_dict:
|
||||
if data_dict["source"] in settings.SAFE_SOURCES:
|
||||
continue
|
||||
if "src" in data_dict:
|
||||
if data_dict["src"] in settings.SAFE_SOURCES:
|
||||
continue
|
||||
if supplementary_data:
|
||||
if "source" in supplementary_data:
|
||||
if supplementary_data["source"] in settings.SAFE_SOURCES:
|
||||
|
|
|
@ -292,7 +292,16 @@ class DrilldownContextModal(APIView):
|
|||
nicks_sensitive = None
|
||||
query = False
|
||||
# Create the query params from the POST arguments
|
||||
mandatory = ["net", "channel", "num", "src", "index", "nick", "type", "mtype"]
|
||||
mandatory = [
|
||||
"net",
|
||||
"channel",
|
||||
"num",
|
||||
"source",
|
||||
"index",
|
||||
"nick",
|
||||
"type",
|
||||
"mtype",
|
||||
]
|
||||
invalid = [None, False, "—", "None"]
|
||||
|
||||
query_params = {k: v for k, v in request.data.items() if v}
|
||||
|
@ -306,8 +315,11 @@ class DrilldownContextModal(APIView):
|
|||
|
||||
# Lookup the hash values but don't disclose them to the user
|
||||
if settings.HASHING:
|
||||
if query_params["source"] not in settings.SAFE_SOURCES:
|
||||
SAFE_PARAMS = deepcopy(query_params)
|
||||
hash_lookup(request.user, SAFE_PARAMS)
|
||||
else:
|
||||
SAFE_PARAMS = deepcopy(query_params)
|
||||
else:
|
||||
SAFE_PARAMS = query_params
|
||||
|
||||
|
@ -346,7 +358,7 @@ class DrilldownContextModal(APIView):
|
|||
SAFE_PARAMS["sorting"] = "desc"
|
||||
|
||||
annotate = False
|
||||
if query_params["src"] == "irc":
|
||||
if query_params["source"] == "irc":
|
||||
if query_params["type"] not in ["znc", "auth"]:
|
||||
annotate = True
|
||||
# Create the query with the context helper
|
||||
|
@ -354,7 +366,7 @@ class DrilldownContextModal(APIView):
|
|||
query_params["index"],
|
||||
SAFE_PARAMS["net"],
|
||||
SAFE_PARAMS["channel"],
|
||||
query_params["src"],
|
||||
query_params["source"],
|
||||
SAFE_PARAMS["num"],
|
||||
size,
|
||||
type=type,
|
||||
|
@ -374,13 +386,13 @@ class DrilldownContextModal(APIView):
|
|||
return render(request, self.template_name, results)
|
||||
|
||||
if settings.HASHING: # we probably want to see the tokens
|
||||
if query_params["src"] not in settings.SAFE_SOURCES:
|
||||
if query_params["source"] not in settings.SAFE_SOURCES:
|
||||
if not request.user.has_perm("core.bypass_hashing"):
|
||||
for index, item in enumerate(results["object_list"]):
|
||||
if "tokens" in item:
|
||||
results["object_list"][index]["msg"] = results["object_list"][
|
||||
index
|
||||
].pop("tokens")
|
||||
results["object_list"][index]["msg"] = results[
|
||||
"object_list"
|
||||
][index].pop("tokens")
|
||||
# item["msg"] = item.pop("tokens")
|
||||
|
||||
# Make the time nicer
|
||||
|
@ -390,7 +402,7 @@ class DrilldownContextModal(APIView):
|
|||
context = {
|
||||
"net": query_params["net"],
|
||||
"channel": query_params["channel"],
|
||||
"src": query_params["src"],
|
||||
"source": query_params["source"],
|
||||
"ts": f"{query_params['date']} {query_params['time']}",
|
||||
"object_list": results["object_list"],
|
||||
"time": query_params["time"],
|
||||
|
|
Loading…
Reference in New Issue